CVE-2017-18214 - Denial of Service (DoS)

Severity: None2022-10-13

Abstract

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.

The Oxygen products incorporate Moment.js as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

Product	Severity	Fixed Release Availability
Oxygen Content Fusion v5.0 and older	None	N/A

Mitigation

None

Detail

CVE-2017-18214

Severity: High

CVSS Score: 7.5

The Moment.js third-party library used by Oxygen XML products is an affected version mentioned in CVE-2017-18214 vulnerability description. However, Oxygen products does not set any user provided date string. For that reason, our products are not affected by this vulnerability.

List of Security Advisories

Oxygen XML Editor
Starting from
Academic $6/month
Personal $240
Business $942

Video Tutorials

Upcoming Events

Balisage: The Markup Conference 2024

CVE-2017-18214 - Denial of Service (DoS)

Abstract

Affected Products/Versions

Mitigation

Detail

Products

Features

Shop

Resources

Support

Company